Targeting the Three Types of SD-WAN

SD-WAN is safely past its “peak of overinflated expectations,” and yet still a good majority of the dollars that eventually will be spent on transitioning private networks to software defined has yet to come. According to TeleGeography’s deep dive into the wide area network market, SD-WAN accounts for just 5 percent of WAN spending by global enterprises, accounting for about $3 billion. Techaisle surveys, meanwhile, counted 10 percent of SMBs as users of an SD-WAN, while Aryaka reported a similar 11 percent adoption in its most recent “Global State of the WAN” survey. That’s the same percentage that reported to “deploying now.”

Indeed, MPLS still dominates global enterprise spending. According to TeleGeography’s figures, MPLS is worth $17 billion and maintains 29 percent of the global WAN market. “Together, MPLS and access loops connecting to MPLS POPs account for 60 percent of the market for large multinational enterprise WANs,” said the research firm. Altogether, MPLS and DIA port charges remain the largest contributor at $33.6 billion, followed by local access charges at $22.1 billion.

“SD-WAN adoption is ramping up globally, but MPLS still remains the dominant networking technology,” TeleGeography senior manager Greg Bryan recently told Network World. “It’s interesting to note that DIA market share is larger than SD-WAN.”

While MPLS and private line aren’t about to disappear, Bryan expects the “vast majority of multinational enterprises are going to adopt SD-WAN over the coming years.” Among mid-sized firms, Techaisle researchers expect SMB adoption of SD-WAN to grow by as much as 145 percent. Techaisle found a high awareness of SD-WAN among U.S. SMBs and an understanding of the importance of proactive network management and network performance. The top motivators for SD-WAN consideration among SMBs surveyed by Techaisle are improving network and application performance, enabling network resiliency and failover, better management of application data traffic, and consistent security and connectivity across locations.

The large opportunity notwithstanding, SD-WAN has become a bit of a bucket term, entailing much more than one option for the customer. Like most new or emerging platforms, SD-WAN is a technology, not a solution or service. Different types of solutions are built using the technology, and pitching the wrong type of SD-WAN solution to the right customer is a waste of everyone’s time.

So, at the risk of over simplifying, generalizing and missing important exceptions, here’s a breakdown of the three types of SD-WAN architectures widely available to adopters and partners, including a profile of the ideal customers for each.


The first type of architecture is where SD-WAN started and is the simplest of the three formations. It’s generally referred to as either “edge-based” or “CPE-based” SD-WAN, and it consists of SD-WAN appliances located at two or more customer locations that talk to each other and measure latency, congestion, etc. The appliances can sit behind routers or replace them and can collapse other services in the typical branch stack by replacing appliances for WAN optimization and firewalls.

This type of SD-WAN is a relatively simple, affordable, quick and flexible way to gain insight and optimization of traffic over a pair of MPLS, private line or internet links while also providing automatic failover. The boxes are touted as plug-and-play and connections as secure. But that’s only between the boxes and their respective locations.

Edge-based SD-WANs rely on two devices talking to each other to measure and shape the network traffic between them. There is no service provider POP or gateway to the “cloud” in this scenario, just the links between locations, so the abilities to do dynamic path selection don’t extend out to cloud and SaaS-based services. While it can provide better and speedier access to cloud and SaaS tools, quality of service and traffic shaping can be controlled only at the edge.

This premises-based SD-WAN is most attractive to organizations with a DIY spirit that run a lot of in-house applications and operations housed in data centers, rather than a cloud-centric architecture. One common small configuration includes bonding an MPLS link for voice, video/virtual desktop with an SD-WAN-controlled internet link for everything else. Again, this is a relatively affordable, simple, flexible way to “digitally transform” an existing private network.

(Editor’s note: We soon could see an edge-based SD-WAN solution that has the unique ability to take round trip measurements to optimize SaaS-based applications.)

What are potential barriers that you see to SD-WAN adoption in your organization? (Among global enterprises) 2022 2021
Lack of knowledge or skill sets of internal employees 31% 33%
Internal politics 30% 27%
Application performance concerns for remote locations globally (most solutions are regional) 29% 36%
Will result in increased spending 29% 29%
It’s still very new technology 28% 31%
Will result in additional complexity 28% 29%
Lack of will in IT leadership 27% 30%
Lack of SLAs 21% 22%
There are no barriers to adoption 10% 9%
Other 1% 1%

Source: Aryaka SOTW

Through the Gateway

For the second SD-WAN architecture we’ll discuss, which generally is described as a “gateway-based” or “orchestrator SD-WAN,” a provider’s gateway device acts as that second device that the edge-based device talks to in order to measure packet loss, jitter, latency and congestion over a bonded pair of two or more circuits. This introduces an orchestration layer between the CPE hardware and the network to create a true software-defined or virtual network. It provides all the same functions as an edge-based SD-WAN plus the additional benefits of a cloud infrastructure.

These cloud gateways can be thought of as large, multitenant SD-WAN devices deployed into top-tier data centers across the globe.

“Instead of just QoS at the edge for SaaS apps, companies can now leverage gateways to optimize the majority of the route to the applications they’re accessing,” posted Sarah Arnstein, sales engineer at Avant Communications. “In fact, these gateways are often deployed in the same data centers as major SaaS applications, optimizing traffic from end to end.”

There is still some reliance on the public internet in this set-up, but if an internet circuit drops down and the enterprise uses a secondary internet line, SD-WAN will re-route their cloud applications onto that secondary line, without losing the current session. In turn, this method of delivering SD-WAN is ideal for organizations that are reliant on a lot of cloud and SaaS applications within a given region or country.

“Choose this option if you want to mesh sites with your existing firewall while migrating into the cloud,” advised executives at BCM One. “This is also an excellent solution for single-site organizations, fully-cloud operations or organizations with multiple locations that do not need site meshing.”

Loosely within this category falls an SD-WAN version whereby the provider (typically a carrier) deploys edge devices in the cloud, “essentially turning them into a gateway- or POP-based SD-WAN solution,” explained Arnstein. This architecture is sometime described as telco-provided or carrier-managed SD-WAN, offering installation and delivery of the connectivity, as well as any appliance, often along with SLAs. Security capabilities may be supplied by a managed SD-WAN service provider based on customer requirements, and the burden of managing the SD-WAN controller, or central management tool, moves from the end user’s IT department to the provider.

SD-WAN as a managed service, instead of buying the appliances from a vendor, tends to cost about 1.9 times more than the DIY approach, according to TeleGeography, but the research firm also found that using an SD-WAN implementation can save organizations 50 percent or more compared to traditional WANs.

“This can be a great solution for companies interested in the features of a particular edge-based platform but looking for a gateway/POP solution to optimize SaaS,” Arnstein explained.

Added Backbone

Whether or not a telco/managed SD-WAN configuration is as robust and reliable as a true “born in the cloud” SD-WAN depends on the specific carrier. In this third type of cloud-plus-backbone SD-WAN architecture, the SD-WAN box connects to a provider’s nearest point of presence (POP), where the traffic is switched to that provider’s private network backbone (similar to an MPLS link). These types of SD-WANs commonly are described as NaaS (network as a service) or POP-based SD-WANs.

“POPs serve as a second, multitenant SD-WAN device to help optimize the traffic between the client site and the cloud,” said Arnstein.

Redirecting traffic to an SD-WAN provider’s private backbone means reduced levels of latency, jitter and packet loss and increased traffic performance, reliability and security. And similar to the gateway-based architecture, the backbones tend to be straightforwardly connected with the leading cloud app providers, such as Office 365 and AWS, thereby improving the reliability and the overall performance of those applications all the way through.

At the same time, POP-based SD-WANs can be great for site-to-site traffic as well, argued Arnstein.

“Often, POP-based SD-WAN providers have deployed these POPs globally, which can be a game-changer for global enterprises with a lot of site-to-site traffic,” she continued. “This is because of the middle mile that’s included in most of these platforms.”

POP-based solutions are especially valuable globally, said Arnstein, between countries or continents where the internet backbone is not as reliable.

“This means that if a user in Europe needs to access an application hosted in the USA, they can use that middle mile to give them the most efficient route possible to get there,” she continued.

POP-based also is one of the few instances where SD-WAN can be useful with just one circuit, advised Arnstein. “Even with one circuit, the traffic is optimized over the middle mile, because of the network backbone.”

Businesses utilizing a POP-based or NaaS solution, said executives at Aryaka, “can rely on a fast and secure private core network without having to build out a heavy infrastructure and manage additional hardware at the edge, making it simple to expand branch offices or move locations as they please, without compromising on reliability, and application performance, or security.” Aryaka is a leading provider of this type of architecture, along with Cato Networks. Masergy and Bigleaf.

For those interested in further discussing the SD-WAN market opportunity, we’ll be taking a deeper dive into selling these three types of SD-WAN during a panel session at our upcoming CVx event in Scottsdale this November. We look forward to seeing everyone this winter in the desert.